“If an early infectee had an e-mail list with reporters at all the major news services, that would start the cascade. News organizations do not have radical e-mail attachment limits (like a rule banning all picture attachments) because they get legitimate pictures.”
“It gives anyone on the Internet who comes in as a browsing user the ability to take control of your site. Instead of looking at Web pages, they can make your computer do whatever they want.”
“There is a wave of people looking for infected machines. We are getting into the second wave of infections. We haven't figured what they are doing. But we are seeing a very big wave of scanning.”
“It is a situation where MCSEs had no idea that there is a fundamental vulnerability in IIS and ISAPI mapping and so had no way to protect their systems other than after-the-fact patching,”
“all the new PCs and the new Web servers, multiplied by the fear of top management about security breaches and business-stopping system failures, kept these salaries [growing] three times as fast as salaries [across all industries].”
“It's not a major risk. It's not [doing] either of the two things that are terribly damaging. One is hurting people's machines, and one is knocking things [off-line].”
